General information on data protection
We are very pleased that you are interested in our website – and thus in our company. The protection of your private rights and freedoms is important to us; we only use your data for the purposes intended. Since it is important to us that you know at all times to what extent we collect, use and, if necessary, pass your data onto third parties, we will subsequently inform you in detail about the processing of your personal data (collected via our website).
In principle, you can use our pages without providing any data; if there are exceptions for selected services, we will explain these in the following chapters. We will not process data without a legal basis without your informed consent.
When processing personal data, we strictly adhere to the requirements of the EU Data Protection Regulation (GDPR) and, if necessary, other data protection regulations.
Definition of terms (according to GDPR)
To ensure the requirement for an easily understandable and legible form of the data protection declaration, we refer to the generally applicable term standards of the GDPR, which we reproduce below in accordance with the wording of the GDPR:
- Personal data refers to all information relating to an identified or identifiable natural person (also “data subject”); a natural person is regarded as identifiable, if he/she can be directly or indirectly identified, especially by means of association with an identifier such as a name, with an identification number, with location data, with an online ID or with one or several special features reflecting the physical, physiological, genetic, psychic, economic, cultural or social identity of that natural person;
- Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Restriction of processing means marking stored personal data to restrict its future processing.
- Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that this additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data is not an identified or an identifiable natural person.
- The data collector is a natural or legal person, public authority, agency or other body, which either alone or with others, determines purposes and means of processing of personal data; where purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by EU or Member State law
- The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- The recipient is a person, public authority, agency or other body to which personal data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under EU law or the law of the Member States under a particular investigation mandate shall not be considered recipients; the processing of such data by the said authorities shall be carried out in accordance with the applicable data protection rules in accordance with the purposes of the processing.
- A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- The data subject’s agreement will be voluntary each time for the particular case, in an informed and unequivocal manner, in the form of a statement or other clear affirmative act indicating the data subject’s consent to the processing of personal data concerning him/her.
Name and Address of the data controller
medicalvision Gesellschaft für visuelle Kommunikation mbH
Dipl. Des. Uwe Peters
Telefon: +49 (0)201 5456200
Name and address of the data protection officer
Cortina Consult GmbH
If you have any questions about the processing of your personal data, if you wish to assert your rights as a data subject (e.g. the right to be informed, correct, block or delete data) or if you wish to withdraw your consent, please contact our data protection officer directly.
This cookie may contain a so-called cookie ID – a unique identifier consisting of a string of characters that enables the assignment of Internet pages and servers to the browser that saves them.
It is possible to use our offerings without cookies (even if they may not be fully functional). Most browsers are initially set to accept cookies automatically. However, you can deactivate the storing of cookies or adjust your browser so that it notifies you when cookies are sent.
Collection of general data and information
As soon as you visit our website, our web server collects some general data and technical information – as shown in the following table:
|Data collected||Collection purpose|
|browser types and versions used||correct display of page contents|
|operating system used, origin of visitors (referrer, e.g. Google), subpages clicked on||optimisation of our website content and our advertising|
|date and time of access to the website as well as the visitor’s IP address and internet service provider||ensuring the permanent functionality of our IT systems (for the operation of the website) and preventing misuse|
|other security data and information in the event of attacks||providing relevant information to law enforcement agencies in the event of a cyber attack|
This data is collected and stored anonymously; we neither intend to make nor make any conclusions about the person concerned.
To ensure quick and uncomplicated contact, we provide you with an appropriate form; alternatively, you can also contact us via the e-mail addresses provided on our website. Personal data is only collected if you voluntarily provide it to us within the framework of your e-mail or form contact. We use the data you provide without your express permission solely to fulfil and process your contact inquiry. This is not passed on to third parties or only takes place on the basis of your inquiry.
DELETION OR BLOCKING OF PERSONAL DATA
We store your personal data only for the time required to fulfil the specified purpose. Your data will be deleted immediately after the expiry of the purpose and storage periods, if any. If deletion is not possible, the data will be blocked instead.
The rights of data subjects
Chapter III of the EU Data Protection Regulation (GDPR) provides for extensive rights for data subjects, which we will explain to you below in relation to data processing on our website:
The right to be informed
If we collect personal data from you or have it collected and process it, you have the right to receive information stored by us about your person free of charge at any time. This specification applies in particular to the following data processing details:
- The purpose of the processing operation
- Categories of data
- If necessary, recipient or categories of recipients
- If necessary, the planned storage duration or the criteria for determining this duration
- Information on the respective right to correction, deletion, restriction or objection
- Existence of a right of appeal to a supervisory authority
- If necessary, origin of the data (if not collected from you)
- If necessary, existence of automated decision making including profiling, and including meaningful information about the logic involved, the scope and the expected effects
- If necessary, (planned) transfer to a third country or international organisation
If you wish to exercise your right to information, please contact our data protection officer using the contact details provided.
The right of rectification
If we collect personal data from you or have it collected and process it, you have the right to request the immediate correction or, if necessary, completion of incorrect or incomplete data concerning you.
If you wish to exercise your right to correction, please contact our data protection officer using the contact details provided.
Right to deletion (right to be forgotten)
If we collect personal data from you or have it collected and process it, you have the right to request the deletion of your data, provided that the processing is no longer necessary and one of the following conditions is fulfilled:
- Expiry of the purpose of processing
- Withdrawal of your consent and the absence of any other legal basis for processing
- Opposition to processing without an important reason to the contrary
- Illegal processing
- Required to fulfil a legal obligation
- Data collection in accordance with Art. 8 para. 1 GDPR
As part of the deletion request, we may pass on your request to those third parties to whom your data was previously transferred.
If you wish to exercise your right of deletion, please contact our data protection officer using the contact details provided
The right to restriction of processing
If we collect personal data from you or have it collected and process it, you have the right to demand restriction of the data processing, provided that one of the following conditions is fulfilled:
- You dispute the accuracy of your data (restriction may be made on our site for the duration of the verification)
- In the event of unlawful processing and provided that the data is not to be deleted, deletion shall be replaced by restriction of processing
- If the processing purposes expire, at the same time you need your data to assert, exercise or defend legal claims
- After your objection pursuant to Art. 21 para. 1 GDPR and for the duration of the examination, whether our justified reasons outweigh yours.
If you wish to exercise your right of restriction, please contact our data protection officer using the contact details provided.
The right to data portability
If we collect personal data from you or have it collected and process it, you have the right to receive the personal data concerning you from us in a structured, common and machine-readable format. As long as it is technically possible and the rights and freedoms of other persons are not affected, we will – at your request – transfer your data to another recipient (data controller).
If you wish to exercise your right to data portability, please contact our data protection officer using the contact details provided.
Right to object
If we collect personal data from you or have it collected and process it (on the basis of Art. 6 Para. 1(e) or (f) GDPR), you have the right to object to data processing (including profiling) at any time. In exceptional cases, the objection may be invalid, e.g. if we can prove compelling legitimate interests for processing that outweigh your interests, or processing serves to assert, exercise or defend legal claims. If we process your personal data for direct marketing purposes, you have the right to object to such processing at any time. This also applies to any profiling connected with such direct advertising. You also have the right to object to the processing of the data we hold about you, which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR unless such processing is necessary to fulfil a task in the public interest.
If you wish to exercise your right of objection, please contact our data protection officer using the contact details provided.
Automated individual decision-making including profiling
If we collect personal data from you or have it collected and process it, you have the right not to be subject to decision based exclusively on automated processing – including profiling – which has a legal effect on you or significantly impairs you in a similar manner. Exceptions to this requirement apply if the decision to conclude or fulfil a contract between you and us is necessary or if you have expressly consented to the processing. In any event, we will take reasonable measures to protect your rights and freedoms and your legitimate interests, including at least the right on our part to obtain the intervention of a person to express our position and to challenge the decision.
If you wish to make use of rights relating to automated decisions, please contact our data protection officer using the contact details provided.
Right to withdraw consent under the data protection laws
If we collect personal data from you or have it collected and process it, you have the right to withdraw your consent to the processing of your personal data at any time.
If you wish to exercise your right to withdraw consent, please contact our data protection officer using the contact details provided.
Data protection in job applications and in the application procedure
On our website, we offer you the convenient opportunity to apply to us for correspondingly advertised positions using the specially provided form. We use the personal data collected about you exclusively for the purpose of processing the application procedure. Alternatively, you can also apply to us via the e-mail address published in the job advertisement. If, at the end of the application process, we take you on as an employee, the purpose for processing the data concerned will change: in this case, it will in future be used to carry out and maintain the employment relationship. The personal data of applicants that we do not employ will be kept for possible legal claims (e.g. according to the General Equal Treatment Act (Allgemeinen Gleichbehandlungsgesetz – AGG)) for the necessary period (maximum 6 months) and subsequently destroyed or deleted immediately.
Information on data security
We secure our website and other systems via technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. In addition, we have implemented SSL encryption (SHA256) on our website to protect your data. However, despite regular checks, complete protection against all risks is not possible.
Legal basis for processing
We process personal data according to the specifications of the GDPR, depending on the type and purpose of processing, as follows:
|Where allowed by law||Specification of the GDPR|
|Informed consent||Art. 6 para. 1(a)|
|In performance of a contract||Art. 6 para. 1(b)|
|Implementation of pre-contractual measures||Art. 6 para. 1(b)|
|Fulfilment of legal obligations||Art. 6 para. 1(c)|
|Protection of vital interests||Art. 6 para. 1(d)|
|Safeguarding our legitimate interest||Art. 6 para. 1(f)|
Our legitimate interest
Our legitimate interest, as defined in Article 6 para. 1(f) GDPR, is based on the performance of our business activities to maintain our operability and to safeguard the employment of our employees.
The duration of the storage of personal data depends on the respective legal retention period after the purpose ceases to apply. After expiry of this period, we will delete the corresponding data if it is no longer necessary for the fulfilment or initiation of the contract.
Obligation to provide personal data
Under certain conditions (e.g. due to legal or contractual regulations) you are obliged to provide us with your personal data. Examples of such processing are as follows:
|Nature and purpose of the processing||Requirement|
|Conclusion of a sales contract |
(e.g. your address)
|Fulfilment of the contractual obligation |
(e.g. delivery of the goods to your address)
|In the context of employees |
(e.g. transmission of data to the tax office)
|Compliance with legal requirements |
(e.g. tax regulations)
A violation (i.e. the failure to provide the required data) would mean that the respective data processing and consequently the corresponding contract could not be concluded with you. Upon request, we will inform you in individual cases before collecting your data as to whether the provision is required by law or contract, or necessary for concluding the contract, and what consequences this may have for you.
Existence of automated decision-making
We do not make use of automatic decision making and do not use any techniques to carry out profiling measures.
We use a Google+ component on our website; Google+ is a so-called social network in which the users registered there with a personal profile interact, communicate via different channels and can share opinions, experiences and information (texts, pictures) of themselves and others.
Responsible for Google Analytics within the meaning of the DSGVO is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics (with anonymization function)
We have integrated Google Analytics on our website. This is a web analysis service that evaluates the behavior of website visitors by collecting personal data. Google is capturing Data through the service, e.g. from which website you came to our website (so-called referrer), which subpages you visit or how often or how long you view a particular page. However, these data are collected without direct personal reference; Your IP address will also be processed anonymously (“_anonymizeIP ()” using the script provided by Google (provided that you visit our website from an EU Member State or from the EEA)). We only use Google Analytics for the purpose to optimize our website regarding to a cost-benefit factor.
Responsible for Google Analytics within the meaning of the DSGVO is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
To carry out the web analysis, Google uses a so-called cookie (see also chapter “Cookies”) on your PC, which controls the processing of the respective data for web analysis or transmission to Google. The cookie may collect and store personally identifiable information, such as: For example, the access time, the location from which the access originates as well as the frequency of visits. You can prevent the setting of cookies by Google as well as we have already described in the chapter “Cookies”. In addition, you may opt-out of Google’s analysis by installing a Google-provided browser plug-in; You can download and install the corresponding add-on under the following link: https://tools.google.com/dlpage/gaoptout
On our website, we use Google AdWords, an ad integration from Google. This service allows us to place ads in the results of the Google search engine as well as in the network of AdWords participants. Using pre-defined keywords, our ads appear only as part of relevant search queries. A special algorithm distributes our advertisements in the connected network on keyword-related websites, taking into account the search terms we have chosen. However, the display of third-party advertising does not take place on our website.
Responsible for Google AdWords within the meaning of the DSGVO is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
When you reach our website via a Google ad, a so-called conversion cookie will be stored on your PC that will remain valid for 30 days and that will not identify you. This cookie logs – without personal reference – how a visitor who came to our site through an AdWords ad generates revenue through our online store by understanding which pages and features are accessed or clicked during the visit to the site. In addition, the stored information is used to generate visitor statistics for our website, which can be used to evaluate how many visitors have reached us via the AdWords ad.
We use Google’s remarketing services on our website; This is an add-on to Google AdWords that allows us to show you ads on other Google Remarketing sites. This has the advantage for you that the ads that you get displayed anyway are more in terms of content tailored to your interests.
Responsible for Google Remarketing within the meaning of the DSGVO is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
We use a YouTube integration on our entire website; YouTube is an online video portal that allows you to freely publish, view, rate and comment on published footage of any kind.
Responsible for YouTube within the meaning of the DSGVO is Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, represented by Sundar Pichai (Chief Executive Officer).
Every single one of your visit to our website will be recognize by YouTube and Google by downloading the installed component (YouTube plug-in or video). If you’re a registered YouTube or Google user and logged in to your personal profile, YouTube and Google also recognize which pages you’re visiting. YouTube and Google collect this information and automatically associate it with your user profiles. Furthermore, any interaction you make with the integrations installed on our site will be registered in the same way through YouTube and Google and associated with your profile. If you do not agree with this assignment of your data, please log out of your YouTube or Google Account before visiting our website.
We use a Twitter component on our entire website; Twitter is a so-called microblogging service in which users who are registered there with a personal profile can publish short messages, so-called tweets. These tweets are public – also for unregistered persons – visible. Every tweet channel can be subscribed to by every registered user, so-called followers. Twitter uses links, retweets (the forwarding of messages from others) as well as the now widely used technique of hashtags (#) in order to reach the widest possible audience with their content.
Responsible for Twitter within the meaning of the DSGVO is the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
Every time you visit our website, Twitter recognizes this by downloading the installed component (Twitter button). If you are a registered Twitter user and permanently logged into your personal profile, Twitter also recognizes which pages you call. Twitter collects this information and automatically assigns it to your user profile. Furthermore, any interaction you make with the integrations installed on our site will be registered in the same way by Twitter and associated with your profile. If you do not agree with this assignment of your data, you should log out of your Twitter account before visiting our website. You can find out more about the technology used under the following link: https://about.twitter.com/en/resources/buttons; In addition, Twitter informs in the, under the following link retrievable, data protection regulations on the processing of personal data: https://twitter.com/privacy?lang=en.
We use a Xing integration throughout our website; Xing is a so-called social network in which users registered there with a personal business profile can contact each other, communicate via different channels and share information (texts, events, pictures) between themselves and others.
Responsible for Xing within the meaning of the DSGVO is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Every time you visit our website, Xing recognizes this by downloading the installed component (Xing plug-in). If you are a registered Xing user and permanently logged in to your personal business profile, Xing also recognizes which pages you visit. Xing collects this information and automatically assigns it to your user profile. Furthermore, any interaction you make with the integrations installed on our site will be registered in the same way by Xing and associated with your profile. If you do not agree with this assignment of your data, you should log out of your Xing account before visiting our website.
Here is an overview of Xing’s website plug-ins: https://dev.xing.com/plugins
We use LinkedIn integration throughout our website; LinkedIn is a so-called social network in which the users registered there with a personal business profile can communicate with each other, communicate via different channels and share information (texts, events, pictures) between themselves and others.
Responsible for LinkedIn within the meaning of the DSGVO is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Every time you visit our website, LinkedIn recognizes this by downloading the installed component (LinkedIn plugin). If you’re a registered LinkedIn user and permanently logged into your personal business profile, LinkedIn also recognizes which pages you’re visiting. LinkedIn collects this information and automatically maps it to your user profile. Furthermore, any interaction you make with the integrations installed on our site will be registered in the same way through LinkedIn and associated with your profile. If you do not agree with this assignment of your data, please log out of your LinkedIn account before visiting our website.
Visit the following link for an overview of the website plug-ins offered by LinkedIn: https://developer.linkedin.com/plugins. You can also opt out of email, SMS, and targeted ads from LinkedIn at https://www.linkedin.com/psettings/guest-controls.